Exchange 2007 LDAP Search Time errors

Posted on 2010-01-08
Last Modified: 2013-12-24
We have always noticed the following error in MOM - indicating an LDAP Search Time Critical Error on our HUB/CAS Servers...  the MS range is anywhere from 111ms up to over 400ms... yet if I do a constant PING from both CAS servers... and leave them running all day long, I see no more than 1-2ms response.. and a 1ms total average over a 24 hour period.

Is this just a MOM issue reading these settings incorrectly?  We have another site in Australia, which when I see their alerts, they do see the same LDAP Critical error... yet the expected test results are all the same.

I don't really think there is any negative network performance or system performance based on these errors... but I just want to be proactive and make sure there isn't something I am missing.. or if there is something I can tweak to help prevent these problems from coming up.

Current Setup:

2 x 2008 Enterprise x64 Bit, Exchange 07 CAS/HUB Servers.  1 NLB NIC, 1 Outbound Mail NIC
2 x 2008 Enterprise x64 Bit, Exchange 07 Mailbox Servers (Clustered) 1 Public NIC, 1 Heartbeat NIC

Severity:  Critical Error
Source:  MSExchange ADAccess Domain Controllers:  LDAP Search Time:
Name:  LDAP Search Time - sustained for 5 minutes - Red(>100msec).
MSExchange ADAccess Domain Controllers:  LDAP Search Time: value = 114.473333333334

Knowledge base article for this alert: The average over last 5 samples is 114.473.

Time:  12/1/2009 04:31:00
Alert:  http://SERVERNAMEREMOVED:1272/?v=a&id=0F8646FB-5C71-40F2-8684-CCC86E62436C
Question by:MaiMcNulty
    1 Comment
    LVL 51

    Accepted Solution

    Personally I wouldn't get twisted up about it. We have SCOM 2007 and get the same sort of numbers periodically. Of course ping is not the same as ldap queries - whilst a ping is straight send/receive activity at layer 3, an ldap query is effectively at the application layer, requires the responding AD server to perform the test and for the management system to get the responses back. If the AD server that responds to the query is busy then it might not be that surprising.


    Featured Post

    Too many email signature updates to deal with?

    Are you constantly visiting users’ desks making changes to email signatures? Feel like it’s taking up all of your time? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

    Join & Write a Comment

    Learn more about how the humble email signature can be used as more than just an electronic business card. When used correctly, a signature can easily be tailored for different purposes by different departments within an organization.
    Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
    To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now